"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-12-02 21:01:51 +00:00 · 2020-12-02 21:01:51 +00:00 · ca9d34407a
commit ca9d34407a
parent 753d45354a
3 changed files with 25 additions and 2 deletions
--- a/2020/26xxx/CVE-2020-26244.json
+++ b/2020/26xxx/CVE-2020-26244.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Python oic is a Python OpenID Connect implementation.  In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. \n\nThe issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg.\n2) JWA `none` algorithm was allowed in all flows.\n3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.\n4) iat claim was not checked for sanity (i.e. it could be in the future).\n\nThese issues are patched in version 1.2.1."
+                "value": "Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1."
            }
        ]
    },
--- a/2020/29xxx/CVE-2020-29478.json
+++ b/2020/29xxx/CVE-2020-29478.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2020-29478",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2020/7xxx/CVE-2020-7335.json
+++ b/2020/7xxx/CVE-2020-7335.json
@ -78,10 +78,15 @@
                "name": "http://service.mcafee.com/FAQDocument.aspx?&id=TS103089",
                "refsource": "CONFIRM",
                "url": "http://service.mcafee.com/FAQDocument.aspx?&id=TS103089"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1388/",
+                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1388/"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}